-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbpf-filter.db
executable file
·1 lines (1 loc) · 4.06 KB
/
bpf-filter.db
1
{"gitRepoUrl": "https://github.com/ebpf-networking/bpf-filter.git", "commitId": "ea73e8b45f4712766bd867079acc527b6fd98d68", "humanFuncDescription": [{"filePath": "ebpf/drop.c", "funcName": "compare_mac", "startLine": 76, "endLine": 86, "description": "This function compares mac addresses represented by two unsigned char arrays of length 6 mac1 and mac2 passed as arguments, returns 1 if true else 0", "author": "Theophilus A. Benson", "authorEmail": "[email protected]", "date": "2023-02-22"}, {"filePath": "ebpf/drop.c", "funcName": "compare_mac", "startLine": 76, "endLine": 86, "description": "This function compares mac addresses represented by two unsigned char arrays of length 6 mac1 and mac2 passed as arguments, returns 1 if true else 0", "author": "Theophilus A. Benson", "authorEmail": "[email protected]", "date": "2023-02-22"}, {"filePath": "ebpf/drop.c", "funcName": "is_broadcast_mac", "startLine": 88, "endLine": 98, "description": "This function returns if the mac addressed m passed as an unsigned char array of length 6 equals 0xffffffffffff which is the broadcast mac, returns 1 if equal else 0", "author": "Theophilus A. Benson", "authorEmail": "[email protected]", "date": "2023-02-20"}, {"filePath": "ebpf/drop.c", "funcName": "is_broadcast_mac", "startLine": 88, "endLine": 98, "description": "This function returns if the mac addressed m passed as an unsigned char array of length 6 equals 0xffffffffffff which is the broadcast mac, returns 1 if equal else 0", "author": "Theophilus A. Benson", "authorEmail": "[email protected]", "date": "2023-02-20"}, {"filePath": "ebpf/drop.c", "funcName": "filter", "startLine": 117, "endLine": 227, "description": "This is a wrapper function which calls the base function filter with the same arument passed to it and returns its value", "author": "Theophilus A. Benson", "authorEmail": "[email protected]", "date": "2023-02-20"}, {"filePath": "ebpf/drop.c", "funcName": "filter", "startLine": 117, "endLine": 227, "description": "This function performs the action of a filter which allows packets only with certain mac and ip address to pass through.The filter described below is to be attached on the root interface of a pod's veth pair at TC layer and filters the outgoing traffic from pod. It takes in a packet in sk_buff form as argument. It first checks if the packet is well formed. If it is, it will reads a map called iface_stat_map using the packet ingress interface as the key, this map stores the counter of passed or dropped packets. Then, the filter reads maps called iface_map and iface_ip_map also with ingress interface of the packet as the key. First map returns the mac address which is allowed to pass through the interface and second contains the ip address which is allowed. The filter applied is of this form, allow packets coming from the pod only in these cases, 1) if the source or dest mac are broadcast addresses then allow, 2) if the packet source mac address matches that of the pod then allow, 3) if the packet source ip matches that of the pod then allow.Filter doesn't stop the traffic going towards the pod.Note that all the above filters are applied to the packet and traffic is allowed only in the cases mentioned aboveIt also prints the matching/unmatching mac or ip addresses.Returns TC_ACT_OK if filter passes else TC_ACT_SHOT. The filter also records the PASS or SHOT statistics in the map iface_stat_map", "author": "Theophilus A. Benson", "authorEmail": "[email protected]", "date": "2023-02-20"}, {"filePath": "ebpf/drop.c", "funcName": "bpf_filter", "startLine": 229, "endLine": 232, "description": "This is a wrapper function which calls the base function filter with the same arument passed to it and returns its value", "author": "Theophilus A. Benson", "authorEmail": "[email protected]", "date": "2023-02-20"}, {"filePath": "ebpf/drop.c", "funcName": "bpf_filter", "startLine": 229, "endLine": 232, "description": "This is a wrapper function which calls the base function filter with the same arument passed to it and returns its value", "author": "Theophilus A. Benson", "authorEmail": "[email protected]", "date": "2023-02-20"}]}